1 / 33

Alternatives to Passwords

Alternatives to Passwords. David Bohn. Password : History. The average working professional has 6 passwords to perform daily functions Passwords if used correctly are low risk, cost effective Most common source of security. Password : Problem.

zeheb
Download Presentation

Alternatives to Passwords

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Alternatives to Passwords David Bohn

  2. Password : History • The average working professional has 6 passwords to perform daily functions • Passwords if used correctly are low risk, cost effective • Most common source of security

  3. Password : Problem • Users usually use “weak” passwords, because “strong” passwords are hard to remember. • Passwords written down and not placed in a secure area. • Sharing passwords. • Most computer attacks

  4. Current Solutions A few Solutions: • Biometrics • Smart Cards • Radio Frequency ID (RFID)

  5. Biometrics : Defined • The automated use of physiological or behavioral characteristics to determine or verify identity. • data derived from direct measurement of a part of the human body

  6. Biometric : Benefits Employer Reduced costs – password maintenance Reduced costs – no buddy punching Increased security – no shared or compromised passwords Increased security – deter and detect fraudulent account access Increased security – no badge sharing in secure areas

  7. Biometric : Benefits Employees Convenience – no passwords to remember or reset Convenience – faster login Security – confidential files can be stored securely Consumers Convenience – no passwords to remember or reset Security – personal files, including emails, can be secured Security – online purchases safer when enabled by biometric Privacy – ability to transact anonymously

  8. Biometrics : Leading Technologies • Fingerprint (optical, silicon, ultrasound, touch less) • Facial recognition (optical and thermal) • Voice recognition (not to be confused with speech recognition) • Iris recognition • Retina-scan • Hand geometry - Signature-scan

  9. Biometrics : Fingerprints • Most common and used biometric approach • Optical vs. Silicon vs. Ultrasound • Main uses of fingerprints: daily access to networks and PCs, enter restricted areas, and to authorize transactions

  10. Biometrics : Fingerprints • Door locks are around $200 and up • USB drive with fingerprint reader $80 and up

  11. Biometric : Fingerprints Optical reads • Oldest and most widely used • A charged coupler device converts image • Focuses on dark ridges and light valleys. • Transmitted as a digital signal.

  12. Biometric : Fingerprints Silicon reads • Works as a DC capacitance. The plate as one capacitor and the finger is the other. • Converts prints into an 8bit grayscale digital image. • Better quality than optical, with less surface area than optical

  13. Biometric : Fingerprints Ultrasound • Considered the most accurate of the three. • Transmits acoustic waves and measures the distance bases on the impedance of the finger. • Capable of penetrating dirt and residue.

  14. Cold finger  Dry/oily finger  High or low humidity  Manual activity that would mar or affect fingerprints (construction, gardening)  Pressure of placement  Location of finger on platen (poorly placed core)  Cuts to fingerprint  Angle of finger placement Biometric : Problems with Fingerprints

  15. Biometrics : Facial Recognition • Feature analysis • Feature analysis is robust enough to perform 1-1 or 1-many searches • Utilizes distinctive features of the face • Verification time from “system ready” prompt: 3-4 seconds

  16. Change in facial hair  Change in hairstyle  Adding/removing hat, glasses  Quality and placement of camera ‘Loud’ clothing that can distract face location  Change in weight  Angle at which facial image is captured Too much movement  Quality of capture device  Lighting conditions  Biometric : Problems with Facial Recognition

  17. Biometric : Voice Recognition • Voice recognition vs. Speech Recognition • Voice recognition verifies the identity of the individual who is speaking • Utilizes the distinctive aspects of the voice to verify the identity of individuals

  18. Biometric : Problems with Voice Recognition • Cold or illness that affects voice • Different enrollment and verification capture devices • Different enrollment and verification environments (inside vs. outside) • Speaking softly • Variation in background noise • Poor placement of microphone / capture device  • Quality of capture device 

  19. Biometric : Iris Scans • Primary visible characteristic is the trabecular meshwork • Other visible characteristics include rings, furrows, freckles, and the corona

  20. Biometric : Iris Scan • Trabeculum of loose fibers found at the iridocorneal angle between the anterior chamber of the eye and the venous sinus of the sclera; the aqueous humor filters through the spaces between the fibers into the sinus and passes into the bloodstream.

  21. Biometric : Problems with Iris Scans • Too much movement of head or eye • Glasses – Colored Contacts • Takes a long time for most people to before acquainted with the system • User placed between 2-18 inches away. Capture and verification are nearly immediate.  Typical verification time from “system ready” prompt: 3-5 seconds

  22. Biometric : Retina Scan • Verify blood vessel patterns on retina • Typical verification time from “system ready” prompt: 10-12 seconds.

  23. Biometric : Problems with Retina Scans • Too much movement of head or eye • Glasses

  24. Biometric : Hand Recognition • Inferring the length, width, thickness, and surface area of the hand and fingers from silhouetted images projected within the scanner. • Over 90 measurements are taken • Some are based on the shape and characteristics of the index and middle finger.   • Relatively accurate technology, but does not draw on as rich a data set as finger, face, or iris

  25. Biometric : Problems with Hand Recognition • Jewelry • Change in weight • Bandages • Swelling of joints • Also very costly startup • Cannot perform 1 –to-many searches

  26. Smart Cards • Inside of a smart card usually contains an embedded 8-bit microprocessor • The microprocessor on the smart card is there for security. The host computer and card reader actually "talk" to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory,it would be no different than a diskette

  27. Smart Cards • Average Smart Card Specs. • 1 kb of RAM • 24 kilobytes of ROM • 16 kilobytes of programmable ROM • 8-bit microprocessor running at 5 MHz Uses of Smart Cards • Credit cards • Electronic cash • Computer security systems • Wireless communication • Loyalty systems (like frequent flyer points) • Banking • Government identification

  28. Problems with Smart Cards • The United States still relies heavily on magnetic strips. • Costly startup fee • Codes can be found figured out by watching power consumption

  29. Radio Frequency ID • Works with radio frequency (RF) technology • Uses low frequency and low power, it does not interfere with other telemetry equipment • A user within the proximity of the computer, the user is allowed access to the system. When they leave the computer is locked again.

  30. Radio Frequency ID • From 3 to 30 Feet • Passive (no battery) vs. Active Problems with RFID Hard to read near metal or if the transmitter has passed through water.

  31. Up and Coming Biometrics • DNA • Ear Shape • Odor (human scent) • Vein-scan • Nailbed Identification (ridges in fingernails) • Gait Recognition (manner of walking)

  32. Suggested Password Solutions • Omit the last character or two. • Add extra characters. • Systematically change one character in the password (for example, the second character is always one more than what it should be, if the letter written down is B, then you actually type A

  33. Passwords If used correctly passwords • Provide a low risk • Cost Effective • Familiar interface to authenticate into systems.

More Related